From 1793455d24b018f9a4ec01d7389ab51a4e56d52f Mon Sep 17 00:00:00 2001 From: Victor Date: Sun, 25 Aug 2024 14:59:16 +0000 Subject: [PATCH 1/7] Parse address func + group address --- sources/config_reader.c | 68 +++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 29 deletions(-) diff --git a/sources/config_reader.c b/sources/config_reader.c index a17e029ae..6434b08a3 100644 --- a/sources/config_reader.c +++ b/sources/config_reader.c @@ -1775,30 +1775,7 @@ static int od_config_reader_rule_settings(od_config_reader_t *reader, } return NOT_OK_RESPONSE; } - -static int od_config_reader_route(od_config_reader_t *reader, char *db_name, - int db_name_len, int db_is_default, - od_extention_t *extentions) -{ - char *user_name = NULL; - int user_name_len = 0; - int user_is_default = 0; - - /* user name or default */ - if (od_config_reader_is(reader, OD_PARSER_STRING)) { - if (!od_config_reader_string(reader, &user_name)) - return NOT_OK_RESPONSE; - } else { - if (!od_config_reader_keyword(reader, - &od_config_keywords[OD_LDEFAULT])) - return NOT_OK_RESPONSE; - user_is_default = 1; - user_name = strdup("default_user"); - if (user_name == NULL) - return NOT_OK_RESPONSE; - } - user_name_len = strlen(user_name); - +static int od_config_reader_address(od_config_reader_t *reader, od_address_range_t *return_range){ /* address and mask or default */ char *addr_str = NULL; char *mask_str = NULL; 
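Review bot: The new `od_config_reader_address` is introduced without a header comment, and its success/failure convention is the opposite of the neighbouring reader helpers: callers test those with `!` (`if (!od_config_reader_string(reader, &user_name))`), whereas this one is tested with a bare `if (od_config_reader_address(...))` in the following hunks, which only works while `OK_RESPONSE` is the zero value. Add a comment above the definition: `/* Parse an optional "addr[/mask]" clause into *return_range (the default range when absent). Returns OK_RESPONSE on success, NOT_OK_RESPONSE on a parse error; callers rely on OK_RESPONSE being 0. */`. The body of the function continues past this hunk into the next one.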
@@ -1868,7 +1845,38 @@ static int od_config_reader_route(od_config_reader_t *reader, char *db_name, return NOT_OK_RESPONSE; } } + *return_range = address_range; + free(addr_str); + return OK_RESPONSE; +} +static int od_config_reader_route(od_config_reader_t *reader, char *db_name, + int db_name_len, int db_is_default, + od_extention_t *extentions) +{ + char *user_name = NULL; + int user_name_len = 0; + int user_is_default = 0; + + /* user name or default */ + if (od_config_reader_is(reader, OD_PARSER_STRING)) { + if (!od_config_reader_string(reader, &user_name)) + return NOT_OK_RESPONSE; + } else { + if (!od_config_reader_keyword(reader, + &od_config_keywords[OD_LDEFAULT])) + return NOT_OK_RESPONSE; + user_is_default = 1; + user_name = strdup("default_user"); + if (user_name == NULL) + return NOT_OK_RESPONSE; + } + user_name_len = strlen(user_name); + od_address_range_t address_range; + if(od_config_reader_address(reader,&address_range)){ + return NOT_OK_RESPONSE; + } + /* ensure rule does not exists and add new rule */ od_rule_t *rule; rule = od_rules_match(reader->rules, db_name, user_name, &address_range, @@ -1902,7 +1910,6 @@ static int od_config_reader_route(od_config_reader_t *reader, char *db_name, address_range.string_value_len = strlen(address_range.string_value); rule->address_range = address_range; - free(addr_str); /* { */ if (!od_config_reader_symbol(reader, '{')) 
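Review bot: The new early return in `od_config_reader_route`, `if(od_config_reader_address(reader,&address_range)){ return NOT_OK_RESPONSE; }`, drops `user_name`, which the branch just above either received from `od_config_reader_string` or `strdup`'d; at least the `strdup` branch is caller-owned, so it should be released: `if (od_config_reader_address(reader, &address_range)) { free(user_name); return NOT_OK_RESPONSE; }`. The inline code this replaces returned the same way, so the leak is pre-existing, but the refactor is the moment to close it. Inside `od_config_reader_address` (whose body starts in the previous hunk) the parse-failure `return NOT_OK_RESPONSE;` visible just before the new `*return_range = address_range;` likewise returns before the new `free(addr_str);`; a single cleanup label that frees `addr_str` on both the success and failure paths would cover it. The trailing hunk at -1902 only relocates the `free(addr_str)` and needs nothing.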
@@ -1929,11 +1936,14 @@ static int od_config_reader_group(od_config_reader_t *reader, char *db_name, snprintf(route_usr, sizeof route_usr, "%s%s", "group_", group_name); snprintf(route_db, sizeof route_db, "%s", db_name); od_rule_t *rule; - od_address_range_t default_address_range = - od_address_range_create_default(); + od_address_range_t address_range; + if (od_config_reader_address(reader,&address_range)) + { + return NOT_OK_RESPONSE; + } rule = od_rules_match(reader->rules, route_db, route_usr, - &default_address_range, 0, 0, 1); + &address_range, 0, 0, 1); if (rule) { od_errorf(reader->error, "route '%s.%s': is redefined", route_usr, route_usr); @@ -1954,7 +1964,7 @@ static int od_config_reader_group(od_config_reader_t *reader, char *db_name, if (rule->db_name == NULL) return NOT_OK_RESPONSE; rule->db_name_len = strlen(rule->db_name); - rule->address_range = default_address_range; + rule->address_range = address_range; group->group_name = strdup(group_name); group->route_usr = strdup(rule->user_name); From dfb86c9ecbc83d21720b79b8d789b28ff66babe8 Mon Sep 17 00:00:00 2001 From: Victor Date: Sun, 25 Aug 2024 15:03:15 +0000 Subject: [PATCH 2/7] fmt --- sources/config_reader.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sources/config_reader.c b/sources/config_reader.c index 6434b08a3..0e36197c0 100644 --- a/sources/config_reader.c +++ b/sources/config_reader.c @@ -1775,7 +1775,9 @@ static int od_config_reader_rule_settings(od_config_reader_t *reader, } return NOT_OK_RESPONSE; } -static int od_config_reader_address(od_config_reader_t *reader, od_address_range_t *return_range){ +static int od_config_reader_address(od_config_reader_t *reader, + od_address_range_t *return_range) +{ /* address and mask or default */ char *addr_str = NULL; char *mask_str = NULL; 
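Review bot: `group` now accepts an optional address/mask after the group name, replacing the unconditional `od_address_range_create_default()`, but nothing in the series documents the new syntax or states what the range means for the routes derived from the group rule; add at the call site `/* optional "addr[/mask]" after the group name; the default range is used when absent */` and a line in the configuration documentation for `group "<name>" ["<addr>/<mask>"] { ... }`. As a point of style, `od_address_range_t address_range;` now sits between `od_rule_t *rule;` and the first use of `rule`; declaring the range first keeps the two declarations next to their uses. In the untouched context just below, the redefinition error passes `route_usr, route_usr` to a `'%s.%s'` format, where `route_db, route_usr` looks intended — pre-existing, but worth fixing while this function is open.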
@@ -1873,10 +1875,10 @@ static int od_config_reader_route(od_config_reader_t *reader, char *db_name, user_name_len = strlen(user_name); od_address_range_t address_range; - if(od_config_reader_address(reader,&address_range)){ + if (od_config_reader_address(reader, &address_range)) { return NOT_OK_RESPONSE; } - + /* ensure rule does not exists and add new rule */ od_rule_t *rule; rule = od_rules_match(reader->rules, db_name, user_name, &address_range, @@ -1910,7 +1912,6 @@ static int od_config_reader_route(od_config_reader_t *reader, char *db_name, address_range.string_value_len = strlen(address_range.string_value); rule->address_range = address_range; - /* { */ if (!od_config_reader_symbol(reader, '{')) return NOT_OK_RESPONSE; @@ -1937,8 +1938,7 @@ static int od_config_reader_group(od_config_reader_t *reader, char *db_name, snprintf(route_db, sizeof route_db, "%s", db_name); od_rule_t *rule; od_address_range_t address_range; - if (od_config_reader_address(reader,&address_range)) - { + if (od_config_reader_address(reader, &address_range)) { return NOT_OK_RESPONSE; } From d5ad35716eb45f6a3c51f4c9aa71a65fa0bd8c7c Mon Sep 17 00:00:00 2001 From: Victor Date: Sun, 25 Aug 2024 18:00:20 +0000 Subject: [PATCH 3/7] test --- docker/bin/setup | 2 +- docker/group/config.conf | 28 ++++++++++++++++++++++++++++ docker/group/test_group.sh | 28 +++++++++++++++++++++++++++- 3 files changed, 56 insertions(+), 2 deletions(-) diff --git a/docker/bin/setup b/docker/bin/setup index 66b210d97..b5b87d2c6 100755 --- a/docker/bin/setup +++ b/docker/bin/setup 
@@ -69,7 +69,7 @@ sudo sysctl -w kernel.core_pattern=/var/cores/core.%p.%e pgbench -i -h localhost -p 5432 -U postgres postgres # Create users -psql -h localhost -p 5432 -U postgres -c "set password_encryption TO 'md5'; create role group1; create role group2; create user group_checker; create user group_user1 password 'password1'; create user group_user2; create user group_user3; create user group_user4; create user group_user5; create user group_checker1; create user group_checker2;" -d group_db >> $SETUP_LOG 2>&1 || { +psql -h localhost -p 5432 -U postgres -c "set password_encryption TO 'md5'; create role group1; create role group2;create role group3;create role group4; create user group_checker; create user group_user1 password 'password1'; create user group_user2; create user group_user3; create user group_user4; create user group_user5; create user group_user6;create user group_user7; create user group_checker1; create user group_checker2;" -d group_db >> $SETUP_LOG 2>&1 || { echo "ERROR: users creation failed, examine the log" cat "$SETUP_LOG" cat "$PG_LOG" diff --git a/docker/group/config.conf b/docker/group/config.conf index 4fd8029bc..8033238ea 100644 --- a/docker/group/config.conf +++ b/docker/group/config.conf 
@@ -56,6 +56,34 @@ database "group_db" { group_query_user "postgres" group_query_db "postgres" } + group "group3" "127.0.0.0/24" { + authentication "none" + password "password2" + + storage "postgres_server" + storage_db "postgres" + storage_user "postgres" + + pool_routing "client_visible" + pool "session" + group_query "SELECT rolname FROM pg_roles WHERE pg_has_role(rolname, 'group3', 'member');" + group_query_user "postgres" + group_query_db "postgres" + } + group "group4" "255.0.0.0/24" { + authentication "none" + password "password2" + + storage "postgres_server" + storage_db "postgres" + storage_user "postgres" + + pool_routing "client_visible" + pool "session" + group_query "SELECT rolname FROM pg_roles WHERE pg_has_role(rolname, 'group4', 'member');" + group_query_user "postgres" + group_query_db "postgres" + } user default { authentication "block" storage "postgres_server" diff --git a/docker/group/test_group.sh b/docker/group/test_group.sh index 8e0e713a4..d46e70de7 100755 --- a/docker/group/test_group.sh +++ b/docker/group/test_group.sh @@ -4,7 +4,7 @@ set -ex /usr/bin/odyssey /group/config.conf -users=("group_user1" "group_user2" "group_user3" "group_user4" "group_user5") +users=("group_user1" "group_user2" "group_user3" "group_user4" "group_user5","group_user6","group_user7") for user in "${users[@]}"; do psql -h localhost -p 6432 -U "$user" -c "SELECT 1" group_db >/dev/null 2>&1 && { echo "ERROR: Authenticated with non-grouped user" 
@@ -25,6 +25,8 @@ psql -h localhost -p 5432 -U postgres -c "GRANT group1 TO group_user1;" group_db psql -h localhost -p 5432 -U postgres -c "GRANT group1 TO group_user2;" group_db psql -h localhost -p 5432 -U postgres -c "GRANT group2 TO group_user3;" group_db psql -h localhost -p 5432 -U postgres -c "GRANT group2 TO group_user4;" group_db +psql -h localhost -p 5432 -U postgres -c "GRANT group3 TO group_user6;" group_db +psql -h localhost -p 5432 -U postgres -c "GRANT group4 TO group_user7;" group_db /usr/bin/odyssey /group/config.conf @@ -66,4 +68,28 @@ psql -h localhost -p 6432 -U group_user3 -c "SELECT 1" group_db >/dev/null 2>&1 exit 1 } +psql -h ip4-localhost -p 6432 -U group_user6 -c "SELECT 1" group_db >/dev/null 2>&1 && { + echo "ERROR: Not authenticated with correct addr" + + cat /var/log/odyssey.log + echo " + + " + cat /var/log/postgresql/postgresql-14-main.log + + exit 1 +} + +psql -h ip4-localhost -p 6432 -U group_user7 -c "SELECT 1" group_db >/dev/null 2>&1 || { + echo "ERROR: Authenticated with incorrect addr" + + cat /var/log/odyssey.log + echo " + + " + cat /var/log/postgresql/postgresql-14-main.log + + exit 1 +} + ody-stop From 0c189f772774160af65811a4dc6c7310d69291a3 Mon Sep 17 00:00:00 2001 From: Victor Date: Mon, 26 Aug 2024 07:54:00 +0000 Subject: [PATCH 4/7] fix --- docker/group/test_group.sh | 2 +- sources/config_reader.c | 2 +- sources/rules.c | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/group/test_group.sh b/docker/group/test_group.sh index d46e70de7..ce0151e2b 100755 --- a/docker/group/test_group.sh +++ b/docker/group/test_group.sh 
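Review bot: The two new checks for `group_user6` and `group_user7` at the end of `docker/group/test_group.sh` each repeat the same failure dump (`cat /var/log/odyssey.log`, the blank `echo`, the postgres log, `exit 1`) that the earlier checks already carry; a small `fail() { echo "ERROR: $1"; cat /var/log/odyssey.log; cat /var/log/postgresql/postgresql-14-main.log; exit 1; }` helper near the top of the script would make each check a one-liner and keep the log paths in one place. The address-dependent checks also rely on the host name `ip4-localhost` resolving inside the test container; a comment stating where that name comes from would help whoever next changes the fixture.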
@@ -4,7 +4,7 @@ set -ex /usr/bin/odyssey /group/config.conf -users=("group_user1" "group_user2" "group_user3" "group_user4" "group_user5","group_user6","group_user7") +users=("group_user1" "group_user2" "group_user3" "group_user4" "group_user5" "group_user6" "group_user7") for user in "${users[@]}"; do psql -h localhost -p 6432 -U "$user" -c "SELECT 1" group_db >/dev/null 2>&1 && { echo "ERROR: Authenticated with non-grouped user" diff --git a/sources/config_reader.c b/sources/config_reader.c index 0e36197c0..64f393b32 100644 --- a/sources/config_reader.c +++ b/sources/config_reader.c @@ -1847,6 +1847,7 @@ static int od_config_reader_address(od_config_reader_t *reader, return NOT_OK_RESPONSE; } } + address_range.string_value_len = strlen(address_range.string_value); *return_range = address_range; free(addr_str); return OK_RESPONSE; @@ -1909,7 +1910,6 @@ static int od_config_reader_route(od_config_reader_t *reader, char *db_name, if (rule->db_name == NULL) return NOT_OK_RESPONSE; - address_range.string_value_len = strlen(address_range.string_value); rule->address_range = address_range; /* { */ diff --git a/sources/rules.c b/sources/rules.c index 8a9031861..d7cff9a1f 100644 --- a/sources/rules.c +++ b/sources/rules.c @@ -708,6 +708,7 @@ od_rules_forward_sequential(od_rules_t *rules, char *db_name, char *user_name, continue; } } + db_matched = rule->db_is_default || (strcmp(rule->db_name, db_name) == 0); user_matched = rule->user_is_default || From 7340ba2169e0b905a64ba30caab871b065cdfb45 Mon Sep 17 00:00:00 2001 From: Victor Date: Mon, 26 Aug 2024 09:56:56 +0000 Subject: [PATCH 5/7] or or and thats question --- docker/group/config.conf | 7 ++----- docker/group/test_group.sh | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/docker/group/config.conf b/docker/group/config.conf index 8033238ea..a656adca2 100644 --- a/docker/group/config.conf +++ b/docker/group/config.conf 
@@ -44,7 +44,6 @@ database "group_db" { group "group2" { authentication "none" - password "password2" storage "postgres_server" storage_db "postgres" @@ -58,7 +57,6 @@ database "group_db" { } group "group3" "127.0.0.0/24" { authentication "none" - password "password2" storage "postgres_server" storage_db "postgres" @@ -72,7 +70,6 @@ database "group_db" { } group "group4" "255.0.0.0/24" { authentication "none" - password "password2" storage "postgres_server" storage_db "postgres" @@ -128,10 +125,10 @@ unix_socket_mode "0644" log_file "/var/log/odyssey.log" log_format "%p %t %l [%i %s] (%c) %m\n" -log_debug no +log_debug yes log_config yes log_session no -log_query no +log_query yes log_stats yes daemonize yes diff --git a/docker/group/test_group.sh b/docker/group/test_group.sh index ce0151e2b..bf3411ef9 100755 --- a/docker/group/test_group.sh +++ b/docker/group/test_group.sh @@ -68,7 +68,7 @@ psql -h localhost -p 6432 -U group_user3 -c "SELECT 1" group_db >/dev/null 2>&1 exit 1 } -psql -h ip4-localhost -p 6432 -U group_user6 -c "SELECT 1" group_db >/dev/null 2>&1 && { +psql -h ip4-localhost -p 6432 -U group_user6 -c "SELECT 1" group_db >/dev/null 2>&1 || { echo "ERROR: Not authenticated with correct addr" cat /var/log/odyssey.log @@ -80,7 +80,7 @@ psql -h ip4-localhost -p 6432 -U group_user6 -c "SELECT 1" group_db >/dev/null 2 exit 1 } -psql -h ip4-localhost -p 6432 -U group_user7 -c "SELECT 1" group_db >/dev/null 2>&1 || { +psql -h ip4-localhost -p 6432 -U group_user7 -c "SELECT 1" group_db >/dev/null 2>&1 && { echo "ERROR: Authenticated with incorrect addr" cat /var/log/odyssey.log From f60f834007cb46f0719929d08fd47502db6a7fe0 Mon Sep 17 00:00:00 2001 From: Victor Date: Mon, 26 Aug 2024 10:45:18 +0000 Subject: [PATCH 6/7] second fix --- sources/group.c | 4 ++-- sources/rules.c | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/sources/group.c b/sources/group.c index 96cb87589..66a0b2b89 100644 --- a/sources/group.c +++ b/sources/group.c 
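Review bot: The `log_debug no` → `log_debug yes` and `log_query no` → `log_query yes` flips at the bottom of `docker/group/config.conf` read as leftover debugging rather than part of the `&&`/`||` fix this commit makes in the test script. `log_query` records the text of every client query in `/var/log/odyssey.log`, which the test script dumps on failure, so anything the test queries carry ends up in CI output and the log grows with every check. If it was only needed to diagnose the address-matching failure, restore `log_debug no` and `log_query no`; if the group test is meant to run with query logging on, say so in a comment next to the setting.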
@@ -57,8 +57,8 @@ int od_group_parse_val_datarow(machine_msg_t *msg, char **group_member) if (kiwi_unlikely(rc == -1)) { goto error; } - - *group_member = strdup(pos); + + *group_member = strndup(pos,val_len); if (*group_member == NULL) { goto error; } diff --git a/sources/rules.c b/sources/rules.c index d7cff9a1f..23b17a146 100644 --- a/sources/rules.c +++ b/sources/rules.c @@ -360,6 +360,9 @@ void od_rules_group_checker_run(void *arg) usernames[j] = member_name->value; j++; } + od_debug(&instance->logger, "group_checker", + group_checker_client, server, "%d", + count_group_users); for (int k = 0; k < count_group_users; k++) { od_debug(&instance->logger, "group_checker", group_checker_client, server, From d69c3658f5b992d22f56d931442d30f619071cab Mon Sep 17 00:00:00 2001 From: Victor Date: Mon, 26 Aug 2024 10:46:46 +0000 Subject: [PATCH 7/7] fmt --- sources/group.c | 4 ++-- sources/rules.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sources/group.c b/sources/group.c index 66a0b2b89..4e4b2ca7c 100644 --- a/sources/group.c +++ b/sources/group.c @@ -57,8 +57,8 @@ int od_group_parse_val_datarow(machine_msg_t *msg, char **group_member) if (kiwi_unlikely(rc == -1)) { goto error; } - - *group_member = strndup(pos,val_len); + + *group_member = strndup(pos, val_len); if (*group_member == NULL) { goto error; } diff --git a/sources/rules.c b/sources/rules.c index 23b17a146..d8e844419 100644 --- a/sources/rules.c +++ b/sources/rules.c @@ -361,8 +361,8 @@ void od_rules_group_checker_run(void *arg) j++; } od_debug(&instance->logger, "group_checker", - group_checker_client, server, "%d", - count_group_users); + group_checker_client, server, "%d", + count_group_users); for (int k = 0; k < count_group_users; k++) { od_debug(&instance->logger, "group_checker", group_checker_client, server,
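Review bot: `*group_member = strndup(pos,val_len);` stops the over-read that `strdup(pos)` performed on a DataRow column that is not NUL-terminated, but it is only safe if `val_len` is known to be non-negative: if `val_len` is the signed column length produced by the call guarded by `rc == -1` above (outside the hunk) and a NULL column is represented as -1, `strndup(pos, (size_t)-1)` reads until the next NUL byte, which is exactly the behaviour being removed. Add a guard before the copy, `if (val_len < 0) goto error;`, or fold it into the existing `rc == -1` check if that call already rejects NULL columns. The enclosing `od_group_parse_val_datarow` starts before this hunk.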
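Review bot: The added `od_debug(&instance->logger, "group_checker", group_checker_client, server, "%d", count_group_users);` in `od_rules_group_checker_run` logs a bare number with no label, so the line cannot be told apart from the other debug lines the same function emits; give it a message such as `"group members: %d"`. The PATCH 7 hunk on the same lines only re-indents the call.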